package cn.amaake.magicplugin.satoken.interfaces;

import cn.amaake.magicplugin.satoken.config.MagicApiSaTokenConfig;
import cn.amaake.magicplugin.satoken.model.SatokenUser;
import cn.dev33.satoken.oauth2.model.SaClientModel;
import cn.dev33.satoken.util.SaResult;
import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpUtil;
import cn.hutool.json.JSONObject;
import cn.hutool.json.JSONUtil;
import jakarta.servlet.http.HttpServletRequest;
import org.ssssssss.magicapi.core.interceptor.Authorization;
import org.ssssssss.magicapi.core.model.Group;
import org.ssssssss.magicapi.core.model.MagicEntity;
import org.ssssssss.magicapi.core.servlet.MagicHttpServletRequest;

import java.util.HashMap;
import java.util.List;

public class SatokenAbstractClientService extends SatokenAbstract{

    private final MagicApiSaTokenConfig magicApiSaTokenConfig;

    private final String oauth2ServerUrl;


    public SatokenAbstractClientService(MagicApiSaTokenConfig magicApiSaTokenConfig){
        this.magicApiSaTokenConfig = magicApiSaTokenConfig;
        this.oauth2ServerUrl = magicApiSaTokenConfig.getOauth2ServerUrl()+"/magic/web";
    }

    public String getClientSecret(String scope){
        HashMap<String, Object> paramMap = new HashMap<>();
        paramMap.put("grant_type", "client_credentials");
        paramMap.put("client_id",magicApiSaTokenConfig.getClientId());
        paramMap.put("client_secret",magicApiSaTokenConfig.getClientSecret());
        paramMap.put("scope",scope);
        String result = HttpUtil.get(oauth2ServerUrl+"/oauth2/client_token",paramMap);
        JSONObject jsonObject = JSONUtil.parseObj(result);
        return JSONUtil.parseObj(jsonObject.get("data")).getStr("client_token");
    }

    private HttpRequest toOauth2Server(String path,String accessToken){
        HttpRequest httpRequest = HttpRequest.post(oauth2ServerUrl+path);
        httpRequest.header("access_token",accessToken);
        if(magicApiSaTokenConfig.isCheckClient()){
            httpRequest.header("client_token",getClientSecret("oauth2Server"));
        }
        httpRequest.timeout(20000);
        return httpRequest;
    }


    /**
     * 获取用户信息
     * @param username 账号
     * @param password 密码
     * @param request 请求ServletRequest
     * @param ifrequest ServletRequest是否为空，magicapi登录时为false
     * @return
     */
    @Override
    public SatokenUser getSatokenUser(String username, String password, HttpServletRequest request, boolean ifrequest) {
        return null;
    }

    /**
     * 根据loginid获取用户信息
     * @param loginId
     * @return
     */
    @Override
    public SatokenUser getSatokenUserbyid(Object loginId){
        String result = toOauth2Server("/getSatokenUserbyid",loginId.toString()).execute().body();
        SaResult saResult = JSONUtil.toBean(result, SaResult.class);
        SatokenUser satokenUser = null;
        if(saResult.getCode()==SaResult.CODE_SUCCESS){
            satokenUser = (SatokenUser)saResult.getData();
        }
        return satokenUser;
    }

    /**
     * 返回一个账号所拥有的权限码集合
     */
    @Override
    public List<String> getPermissionList(Object loginId, String loginType){
        return null;
    }


    /**
     * 返回一个账号所拥有的角色标识集合 (权限与角色可分开校验)
     */
    @Override
    public List<String> getRoleList(Object loginId, String loginType){
        return null;
    }

    /**
     * 是否拥有页面按钮的权限
     * // Authorization.SAVE 保存
     * // Authorization.DELETE 删除
     * // Authorization.VIEW 查询
     * // Authorization.LOCK 锁定
     * // Authorization.UNLOCK 解锁
     * // Authorization.DOWNLOAD 导出
     * // Authorization.UPLOAD 上传
     * // Authorization.PUSH 推送
     */
    @Override
    public boolean allowVisitPage(String id, MagicHttpServletRequest request, Authorization authorization) {
        return true;
    }

    /**
     * 是否拥有对该接口的增删改权限
     * 此方法可以不重写，则走默认的 boolean allowVisit(MagicUser magicUser, HttpServletRequest request, Authorization authorization) 方法
     * // Authorization.SAVE 保存
     * // Authorization.DELETE 删除
     * // Authorization.VIEW 查询
     * // Authorization.LOCK 锁定
     * // Authorization.UNLOCK 解锁
     * // 自行写逻辑判断是否拥有如果有，则返回true，反之为false
     */
    @Override
    public boolean allowVisitMagicEntity(String id, MagicHttpServletRequest request, Authorization authorization, MagicEntity entity) {
        return true;
    }

    /**
     * 是否拥有对该分组的增删改权限
     * 此方法可以不重写，则走默认的 boolean allowVisit(MagicUser magicUser, HttpServletRequest request, Authorization authorization) 方法
     * // Authorization.SAVE 保存
     * // Authorization.DELETE 删除
     * // Authorization.VIEW 查询
     * // 自行写逻辑判断是否拥有如果有，则返回true，反之为false
     */
    @Override
    public boolean allowVisitGroup(String id, MagicHttpServletRequest request, Authorization authorization, Group group) {
        return true;
    }

    /**
     * 根据clientid获取 Client 信息
     * @param clientId
     * @return
     */
    @Override
    public SaClientModel getClientModel(String clientId) {
        return null;
    }

    /**
     * 根据ClientId 和 LoginId 获取openid
     * @param clientId
     * @param loginId
     * @return
     */
    @Override
    public String getOpenid(String clientId, Object loginId) {
        return null;
    }

}
